Amos Shapira <amoss @
cs .
huji .
ac .
il> writes:
# Dorian Deane <dorian @
cobalt .
house .
gov> writes:
# |
# |alastair @
Cadence .
COM (Alastair Young) writes:
# |
# |> I don't filter out any, I just use the tcpd as a logger in this case.
# |> Sendmail itself doesn't log VRFY queries and other manual jiggerypokery,
# |> but this way I get a log of ALL connections to the port.
# |
# |How can this work? First a connection is passed to tcpd, and that
# |is logged as a connection, but after that, the VRFYs and such are
# |passed directly to sendmail. tcpd is out of the picture and
# |you just get sendmail's normal logging. Or am I missing something?
#
# I suppose you are right about this particular implementation. But it
# shouldn't be difficult to pass the input to sendmail through a filter which
# logs suspicious commands.
In the long run, I'd encourage folks to fix the logging in Sendmail.
FTP used to have the same problem of insufficient logging. Some
talented people took the time to fix it, and now the base FTP code
from (for instance) Berkeley and WU-ARCHIVE has extensive logging
capabilities.
-Brent
--
Brent Chapman Great Circle Associates
Brent @
GreatCircle .
COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041